Healthcare

Healthcare Provider Complete Care Gains Control Over Its Network and Costs

Firewall as a Service
Secure Direct Internet Access
quotes
“We have a lot of control over the network through the portal. We can layer on security and move forward quickly. It’s great for us as a managed services provider but at the same time it’s great for the customer because it’s something they want and need and now realize they can’t live without.”
Eric Norberg ,CTO

The Challenge: Eliminate the Growing Pains of an Ad Hoc Network by Deploying a More Secure, More Reliable Network

Like many companies, Complete Care Community Health Center (CCCHC) faced the complex mix of technologies often encountered when going through a merger and acquisition (M&A). The healthcare group devoted to serving Los Angeles had been adding clinics and services over the past decade. Those new facilities brought their own technologies leaving CCCHC with a hodge-podge of network technologies, firewalls, and voice systems.

The clinics were connected by Internet-based VPN across a mix of DSL, T1, and fiber lines. Without a consistent network platform, availability was an issue. There were no SLAs with the multiple carriers and little redundancy built into the network.

Bandwidth costs were also an issue. Some sites had dual circuits because they needed the bandwidth. One site had to connect to the network via LTE, and this service alone cost $2,000 a month. A less expensive DSL line was installed for backup but sat idle much of the time.

Each new clinic also brought its own basic firewall, leading to a mix of legacy products and no standardization among them. This made it hard to configure and enforce consistent policies to ensure that patient data was secure and HIPAA compliance requirements would be met. It also meant that CCCHC lost network-wide visibility having to probe each firewall to piece together an overall understanding of the network.

The network’s instability impacted company operations. Voice services at each clinic were provided through local key systems and telephone lines. As a result, forwarding calls to a centralized call center became difficult and unreliable. Better voice solutions certainly existed but CCCHC’s network meant the company couldn’t take advantage of them.

Accessing the company’s NextGen Healthcare practice management software also became a problem. More than 150 employees across the clinics relied on this SaaS application, all accessed from across the VPN. But the setup and maintenance of the VPNs took too much time.

“Having separate firewalls and separate VPN configurations was very cumbersome and messy,”

 

“Having separate firewalls and separate VPN configurations was very cumbersome and messy,” says Eric Norberg, CTO at CCCHC. “Cato streamlined all of this through their Private Network and their simple consolidated portal for management.”

CCCHC also struggled with a lack of internal, skilled IT resources. Because of the disparate systems, the costs to support it all were skyrocketing, especially on the voice systems and Internet usage. The IT team had limited capacity to integrate the complex network and negotiate favorable telecom contracts.

Koi Consulting Group Recommended Cato to Both Unify and Simplify Networking and Security

CCCHC brought in the Koi Consulting Group, a technology strategy group to implement a managed infrastructure. Mark Manuel, Founder and Technology Architect at Koi Consulting, says that CCCHC was hindered by its make-shift network and the lack of visibility and governance of its systems.

“Things were spiraling out of control and the systems just didn’t work together.”

“The company was experiencing extreme growing pains with its IT systems,” says Manuel. “Their understanding of their network and the cost of operating it were the biggest factors. Things were spiraling out of control and the systems just didn’t work together.”

Rebuilding the on-premise network would require replacing a lot of existing circuits and equipment, which would be cost prohibitive. Koi Consulting recommended redesigning the company’s network and delivery of critical IT services based on Cato’s cloud-based network.

“We like Cato’s concept of all-in-one network and security, especially the next generation firewalls,”

“We like Cato’s concept of all-in-one network and security, especially the next generation firewalls,” says Manuel. “It allows us to take a holistic approach to providing CCCHC everything they need right now, all managed through one portal. It just makes sense. Later, we can add additional services like managed threat detection and response, and advanced virus protection as needed.”

Cato Brings Network Management, Costs Under Control

Koi Consulting rolled out the Cato network at the healthcare clinics quickly. The only hiccup came when they had to wait for the local carrier to upgrade some of the communication lines. “We added second circuits for some of the sites, did some IP adds and designed a VLAN for the voice services,” says Norberg. “Overall, it’s been a very smooth deployment.”

Now, instead of VPNs between the firewalls at all of the clinics, the clinics simply run a Cato Socket and send all traffic, including the traffic for the practice management SaaS application, across an encrypted tunnel to the nearest Cato point of presence (PoP) for security inspection and then forwarding along the optimum path to the destination.

The security inspection is carried out by the Cato PoP software, which includes a suite of enterprise-grade security services including next-gen firewall/VPN, Secure Web Gateway, Advanced Threat Prevention, Cloud and Mobile Access Protection, and a Managed Threat Detection and Response (MDR) service. All are updated and maintained by Cato, giving CCCHS an always current security infrastructure – a fact that is especially important for the HIPAA-regulated, healthcare industry.

“We had a file sharing application that was just killing our network because it was always on. Now we’ve set the application to use bandwidth when the network isn’t busy. That alone has made a huge difference.”

And with one network connecting all offices, CCCHC has gained a single pane of glass for their network. The instant visibility was a “real eye-opener” that allowed CCCHC to shape the traffic and prioritize applications. “We had a file sharing application that was just killing our network because it was always on,” says Norberg, “Now we’ve set the application to use bandwidth when the network isn’t busy. That alone has made a huge difference.”

The network improvements introduced by Cato has also meant CCCHC could improve its communication system. “With Cato providing the redundancy and security, we’ve been able to move to a completely hosted environment for voice,” says Norberg.

“With Cato, we were able to offload the non-critical applications to the cheap DSL line and leave the LTE for the high priority applications. This bandwidth management dropped their cost from $2,000 to $300 a month, and we were able to control that ourselves.”

The self-management aspect of the Cato network is important. “We can log in, make a couple of changes in the portal, and it’s done,” says Norberg. “Then we can test it and see it in real time. It’s just so easy.” Norberg cites the example of the clinic office that’s dependent on LTE for its communications. “With Cato, we were able to offload the non-critical applications to the cheap DSL line and leave the LTE for the high priority applications. This bandwidth management dropped their cost from $2,000 to $300 a month, and we were able to control that ourselves.”

Other costs have come under control as well. By redesigning their network and going to an IP-based phone system, CCCHC has increased operational efficiency. The company is actually paying less for those services using Cato than they did before.

Koi Finds Value in Delivering Cato as a Managed Service

Koi Consulting will continue to manage the network for CCCHC. “Cato has made it easy for us to support CCCHC today as well as where they want to go,” says Manuel. “We have a lot of control over the network through the portal. We can layer on security and move forward quickly. It’s great for us as a managed services provider but at the same time it’s great for the customer because it’s something they want and need and now realize they can’t live without.”

CCCHC Cato dashboard

CCCHC gets a snapshot of a site’s details directly from the Cato dashboard. Clicking on a site provides detailed link statistics, application metrics, and more.

Manuel adds that they could have chosen some other vendor to partner with, but Cato provides a strong network backbone and the connectors to everything the customer needs. “Cato provides so much control and ease of use in one solution. It gives a lot of visibility and governance over what they need to do and understand.”

“Cato provides so much control and ease of use in one solution. It gives a lot of visibility and governance over what they need to do and understand.”

As for Norberg, he’s excited to finally have a mature security strategy in place. “We are now a corporate entity with a security perimeter around the entire nine locations instead of a mom-and-pop clinic which we were before. Having the insight and control over all aspects of the network and security has changed the dynamic moving forward for good.”

Company Background
Complete Care Community Health Center (CCCHC) provides an array of medical services, health education and health programs to traditionally underserved communities. Founded in 2007, the company is growing through acquisition of small clinics and facilities and now has nine clinic sites across the greater Los Angeles, California area. Numerous acquisitions left CCCHC with a poorly integrated network comprised of disparate equipment and mostly small DSL and T1 communication circuits sourced from multiple carriers. Costs were escalating with each new site addition and firewall security was limited. CCCHC’s technology consultants prescribed Cato for a holistic strategy for networking and security.

Secure Internet Access at the Branch

How much of your MPLS traffic is actually meant for the cloud? Many of Cato customers managed to offload up to 40% of their MPLS lines while solving latency issues, originated by backhauling traffic across their MPLS.

Cato Networks Advanced Security Services